General

  • Target

    412483d8630f27d160d9baf8f9d2b4deeb510d0f351ce684e7c0619d26f1cc29

  • Size

    5.7MB

  • Sample

    220508-t2mjgacch2

  • MD5

    4c41decf8b08f8d5bb5445cc37a7065b

  • SHA1

    2c60eb30ac92c79746bf6cc75d718726031926b5

  • SHA256

    412483d8630f27d160d9baf8f9d2b4deeb510d0f351ce684e7c0619d26f1cc29

  • SHA512

    945860033f9909d54432e99b8376f6c723e9d4561db82b367bbd73171b06634011beb4539e8f83b91b6ffcd046e9b402aa7fc7fea7c22486746cb994f555a816

Targets

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Bazar/Team9 Loader payload

    • Tries to connect to .bazar domain

      Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.
